Publishing details

Removed from disk on 2020-07-10.
Removal requested on 2020-07-10.
Published on 2018-05-04
Copied from ubuntu artful in PPA for Ubuntu Security Proposed by Ubuntu Archive Robot

Changelog

jackson-databind (2.8.6-1+deb9u4build0.17.10.1) artful-security; urgency=medium

  * fake sync from Debian

jackson-databind (2.8.6-1+deb9u4) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2018-7489: allows unauthenticated remote code execution because of
    an incomplete fix for the CVE-2017-7525 deserialization flaw. This is
    exploitable by sending maliciously crafted JSON input to the readValue
    method of the ObjectMapper, bypassing a blacklist that is ineffective if
    the c3p0 libraries are available in the classpath. (Closes: #891614)

 -- Steve Beattie <email address hidden>  Thu, 03 May 2018 23:12:44 -0700

Available diffs

Builds

amd64

Package files

jackson-databind_2.8.6-1+deb9u4build0.17.10.1.debian.tar.xz (8.7 KiB)
jackson-databind_2.8.6-1+deb9u4build0.17.10.1.dsc (2.5 KiB)
jackson-databind_2.8.6.orig.tar.xz (721.5 KiB)
libjackson2-databind-java-doc_2.8.6-1+deb9u4build0.17.10.1_all.deb (1.2 MiB)
libjackson2-databind-java_2.8.6-1+deb9u4build0.17.10.1_all.deb (1.1 MiB)